SAP Enterprise Application Software

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430

CVE-2022-32245 8.2 - High - August 10, 2022

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 430, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. On successful exploitation, the attacker can view any data available for a business user and put load on the application by an automated attack. Thus, completely compromising confidentiality but causing a limited impact on the availability of the application.

Cleartext Transmission of Sensitive Information

Under certain conditions SAP Authenticator for Android

CVE-2022-35290 7.5 - High - August 10, 2022

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account

CVE-2022-35293 9.1 - Critical - August 10, 2022

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application.

AuthZ

Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs

CVE-2022-35291 8.1 - High - July 27, 2022

Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application

Improper Privilege Management

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430

CVE-2022-35169 6 - Medium - July 12, 2022

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.

Information Disclosure

Due to missing authentication check, SAP Business one License service API - version 10.0

CVE-2022-28771 7.5 - High - July 12, 2022

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network. On successful exploitation, an attacker can break the whole application making it inaccessible.

authentification

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430

CVE-2022-32246 4.6 - Medium - July 12, 2022

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application

SQL Injection

SAP NetWeaver Enterprise Portal - versions 7.10

CVE-2022-32247 6.1 - Medium - July 12, 2022

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

XSS

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101

CVE-2022-32248 5.3 - Medium - July 12, 2022

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data.

Improper Input Validation

Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker

CVE-2022-32249 7.5 - High - July 12, 2022

Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)

Exposure of Resource to Wrong Sphere

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker

CVE-2022-35168 7.5 - High - July 12, 2022

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.

XXE

SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application

CVE-2022-31593 8.8 - High - July 12, 2022

SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

Injection

SAP NetWeaver Enterprise Portal does - versions 7.10

CVE-2022-35170 6.1 - Medium - July 12, 2022

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.

XSS

SAP NetWeaver Enterprise Portal - versions 7.10

CVE-2022-35225 6.1 - Medium - July 12, 2022

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.

XSS

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input

CVE-2022-35227 6.1 - Medium - July 12, 2022

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.

XSS

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received

CVE-2022-35171 5.5 - Medium - July 12, 2022

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below

Improper Input Validation

SAP NetWeaver Enterprise Portal - versions 7.10

CVE-2022-35172 6.1 - Medium - July 12, 2022

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

XSS

Within SAP S/4HANA - versions S4CORE 101

CVE-2022-31597 5.4 - Medium - July 12, 2022

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

AuthZ

SAP Enterprise Portal - versions 7.10

CVE-2022-35224 6.1 - Medium - July 12, 2022

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim?s web browser session.

XSS

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430

CVE-2022-29619 6.5 - Medium - July 12, 2022

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.

AuthZ

SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element

CVE-2022-31591 7.8 - High - July 12, 2022

SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service

Unquoted Search Path or Element

The application SAP Enterprise Extension Defense Forces & Public Security - versions 605

CVE-2022-31592 4.3 - Medium - July 12, 2022

The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.

AuthZ

Due to insufficient input validation, SAP Business Objects - version 420

CVE-2022-31598 5.4 - Medium - July 12, 2022

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

Insufficient Verification of Data Authenticity

SAP BusinessObjects CMC

CVE-2022-35228 8.8 - High - July 12, 2022

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application.

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received

CVE-2022-32240 5.5 - Medium - June 14, 2022

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received

CVE-2022-32241 5.5 - Medium - June 14, 2022

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received

CVE-2022-32242 5.5 - Medium - June 14, 2022

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received

CVE-2022-32243 5.5 - Medium - June 14, 2022

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received

CVE-2022-32236 5.5 - Medium - June 14, 2022

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received

CVE-2022-32237 5.5 - Medium - June 14, 2022

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received

CVE-2022-32238 5.5 - Medium - June 14, 2022

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received

CVE-2022-32239 3.3 - Low - June 14, 2022

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data

CVE-2022-31589 6.5 - Medium - June 14, 2022

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.

AuthZ

A highly privileged user

CVE-2022-31594 6.7 - Medium - June 14, 2022

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk

CVE-2022-29614 5 - Medium - June 14, 2022

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.

SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x

CVE-2022-29615 3.4 - Low - June 14, 2022

SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x.

Marshaling, Unmarshaling

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50

CVE-2022-29618 6.1 - Medium - June 14, 2022

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the users browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

XSS

SAP PowerDesigner Proxy - version 16.7

CVE-2022-31590 7.8 - High - June 14, 2022

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around systems root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.

SAP Financial Consolidation - version 1010

CVE-2022-31595 8.8 - High - June 14, 2022

SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

AuthZ

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received

CVE-2022-32235 5.5 - Medium - June 14, 2022

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter

CVE-2022-27668 9.8 - Critical - June 14, 2022

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.

AuthZ

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22

CVE-2022-29612 4.3 - Medium - June 14, 2022

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application.

XSPA

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks

CVE-2022-28217 6.5 - Medium - June 13, 2022

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash.

XSPA

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform

CVE-2020-6220 4.7 - Medium - June 06, 2022

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victims session is active.

XSS

Due to improper error handling an authenticated user can crash CLA assistant instance

CVE-2022-29617 6.5 - Medium - June 06, 2022

Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application.

Improper Handling of Exceptional Conditions

SAP Host Agent, SAP NetWeaver and ABAP Platform

CVE-2022-29616 7.5 - High - May 11, 2022

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.

Memory Corruption

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs

CVE-2022-27656 6.1 - Medium - May 11, 2022

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

XSS

Under certain conditions, the SAP Host Agent logfile shows information

CVE-2022-28774 5.5 - Medium - May 11, 2022

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.

Insertion of Sensitive Information into Log File

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user

CVE-2022-29611 8.8 - High - May 11, 2022

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

AuthZ

Due to insufficient input validation, SAP Employee Self Service

CVE-2022-29613 4.3 - Medium - May 11, 2022

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application.

Improper Input Validation

During an update of SAP BusinessObjects Enterprise

CVE-2022-28214 7.8 - High - May 11, 2022

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems Confidentiality, Integrity, and Availability.

Cleartext Storage of Sensitive Information

SAP NetWeaver Application Server ABAP

CVE-2022-29610 5.4 - Medium - May 11, 2022

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.

XSS

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received

CVE-2022-27655 6.5 - Medium - April 12, 2022

When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

A highly privileged remote attacker

CVE-2022-27657 2.7 - Low - April 12, 2022

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.

Directory traversal

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430

CVE-2022-27667 7.5 - High - April 12, 2022

Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

Information Disclosure

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to

CVE-2022-27669 7.5 - High - April 12, 2022

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.

AuthZ

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries

CVE-2022-27670 6.5 - Medium - April 12, 2022

SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.

Insecure Direct Object Reference

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received

CVE-2022-27654 6.5 - Medium - April 12, 2022

When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

CVE-2022-27671 6.5 - Medium - April 12, 2022

A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.

Insertion of Sensitive Information Into Sent Data

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted

CVE-2022-28213 8.1 - High - April 12, 2022

When a user access SOAP Web services in SAP BusinessObjects Business Intelligence Platform - version 420, 430, it does not sufficiently validate the XML document accepted from an untrusted source, which might result in arbitrary files retrieval from the server and in successful exploits of DoS.

Missing XML Validation

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787

CVE-2022-28215 4.7 - Medium - April 12, 2022

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.

Open Redirect

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420

CVE-2022-28216 6.1 - Medium - April 12, 2022

SAP BusinessObjects Business Intelligence Platform (BI Workspace) - version 420, is susceptible to a Cross-Site Scripting attack by an unauthenticated attacker due to improper sanitization of the user inputs on the network. On successful exploitation, an attacker can access certain reports causing a limited impact on confidentiality of the application data.

XSS

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75

CVE-2022-28770 6.1 - Medium - April 12, 2022

Due to insufficient input validation, SAPUI5 library(vbm) - versions 750, 753, 754, 755, 75, allows an unauthenticated attacker to inject a script into the URL and execute code. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

XSS

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86

CVE-2022-28772 7.5 - High - April 12, 2022

By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7.85, 7.86, or Internet Communication Manager - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, which makes these programs unavailable, leading to denial of service.

Memory Corruption

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but

CVE-2022-28773 7.5 - High - April 12, 2022

Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial of service, but can be restarted automatically.

Resource Exhaustion

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may

CVE-2022-22541 6.5 - Medium - April 12, 2022

SAP BusinessObjects Business Intelligence Platform - versions 420, 430, may allow legitimate users to access information they shouldn't see through relational or OLAP connections. The main impact is the disclosure of company data to people that shouldn't or don't need to have access.

SAP NetWeaver Enterprise Portal - versions 7.10

CVE-2022-26105 6.1 - Medium - April 12, 2022

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.

XSS

When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received

CVE-2022-26106 6.5 - Medium - April 12, 2022

When a user opens a manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received

CVE-2022-26107 6.5 - Medium - April 12, 2022

When a user opens a manipulated Jupiter Tesselation (.jt, JTReader.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received

CVE-2022-26108 6.5 - Medium - April 12, 2022

When a user opens a manipulated Picture Exchange (.pcx, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received

CVE-2022-26109 6.5 - Medium - April 12, 2022

When a user opens a manipulated Portable Document Format (.pdf, PDFView.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.

Improper Input Validation

Under certain conditions, SAP Innovation management - version 2.0

CVE-2022-27658 7.5 - High - March 28, 2022

Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.

AuthZ

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50

CVE-2022-26103 5.3 - Medium - March 10, 2022

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.

SAP Financial Consolidation - version 10.1

CVE-2022-26104 5.3 - Medium - March 10, 2022

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message.

AuthZ

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive

CVE-2022-26100 9.8 - Critical - March 10, 2022

SAPCAR - version 7.22, does not contain sufficient input validation on the SAPCAR archive. As a result, the SAPCAR process may crash, and the attacker may obtain privileged access to the system.

Improper Input Validation

Fiori launchpad - versions 754

CVE-2022-26101 6.1 - Medium - March 10, 2022

Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

XSS

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction

CVE-2022-26102 5.4 - Medium - March 10, 2022

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.

AuthZ

SAP NetWeaver Enterprise Portal - versions 7.10

CVE-2022-24395 6.1 - Medium - March 10, 2022

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

XSS

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack

CVE-2022-24397 6.1 - Medium - March 10, 2022

SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victims web browser.

XSS

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430

CVE-2022-24398 6.5 - Medium - March 10, 2022

Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.

The SAP Focused Run (Real User Monitoring) - versions 200

CVE-2022-24399 6.1 - Medium - March 10, 2022

The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.

XSS

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities

CVE-2022-24396 7.8 - High - March 10, 2022

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.

Missing Authentication for Critical Function

Simple Diagnostics Agent - versions 1.0 (up to version 1.57

CVE-2022-22547 7.5 - High - March 10, 2022

Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits.

Information Disclosure

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information

CVE-2022-22543 7.5 - High - February 09, 2022

SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.

Resource Exhaustion

Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code

CVE-2022-22534 6.1 - Medium - February 09, 2022

Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.

XSS

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report

CVE-2022-22535 6.5 - Medium - February 09, 2022

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.

AuthZ

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received

CVE-2022-22537 6.5 - Medium - February 09, 2022

When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

Improper Input Validation

When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received

CVE-2022-22538 6.5 - Medium - February 09, 2022

When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

Improper Input Validation

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received

CVE-2022-22539 6.5 - Medium - February 09, 2022

When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.

Improper Input Validation

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries

CVE-2022-22540 7.5 - High - February 09, 2022

SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.

SQL Injection

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor

CVE-2022-22542 6.5 - Medium - February 09, 2022

S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.

Information Disclosure

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720

CVE-2022-22544 9.1 - Critical - February 09, 2022

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service.

A high privileged user who has access to transaction SM59

CVE-2022-22545 4.9 - Medium - February 09, 2022

A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.

Information Disclosure

Due to improper HTML encoding in input control summary, an authorized attacker

CVE-2022-22546 5.4 - Medium - February 09, 2022

Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.

XSS

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request

CVE-2022-22532 9.8 - Critical - February 09, 2022

In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.

HTTP Request Smuggling

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such

CVE-2022-22533 7.5 - High - February 09, 2022

Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.

Dangling pointer

SAP NetWeaver Application Server ABAP

CVE-2022-22536 10 - Critical - February 09, 2022

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.

HTTP Request Smuggling

SAP Business One - version 10.0, extended log stores information

CVE-2021-44234 5.5 - Medium - January 14, 2022

SAP Business One - version 10.0, extended log stores information that can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

Insertion of Sensitive Information into Log File

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be

CVE-2021-42067 4.3 - Medium - January 14, 2022

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see. No information alteration or denial of service is possible.

Exposure of Resource to Wrong Sphere

SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs

CVE-2022-22529 6.1 - Medium - January 14, 2022

SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI.

XSS